145176f4407e050e877abdaea44bb5cd6a99fce82f5709b737ddd42b6db34b97

Analysis

max time kernel
25s
max time network
18s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
10/07/2024, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf
Size

1001B
MD5

8dc189bc9251ae4c59e07e27f95e3b07
SHA1

19729e65adcbaf73f763790f2d1f035d933ba0b7
SHA256

3e091edbc809272bc87dd6948099ac940e7a33856d18283107231d805e7b65cb
SHA512

bb14b35d2644dcde13fcec17d4eed3274e56699c763070ad7ac4671f6f2a931c85e822b4d42c6c132bba9b40392308be44b1e4f1b576fa412f05f8992e6edbea

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
332	WINWORD.EXE
332	WINWORD.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
332	WINWORD.EXE
332	WINWORD.EXE
332	WINWORD.EXE
332	WINWORD.EXE
332	WINWORD.EXE
332	WINWORD.EXE
332	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Install Parallels Desktop\Install Parallels Desktop.app\Contents\Resources\it.lproj\CepAgreement.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
09e68db8192901dd7ca0d3b4333dd47c

SHA1
4e96b3c69bc3ad83ae1878fda6b8d4d273ad87a4

SHA256
83ff269793761433dbcb267fedceb128174d2eb1eed164b516fb7ff863da2bde

SHA512
ae0d39ff336b6cd4e8df741adeceaaf8a8fea4c33ab5b55994362a1661e0acb4ca15ae9ba35c6b455c7b3d6fd31ab65f3945fe6f7252bf4c34c29686e47ab867

Download Submit
memory/332-11-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-0-0x00007FFFB8150000-0x00007FFFB8160000-memory.dmp

Filesize
64KB

Download
memory/332-3-0x00007FFFB8150000-0x00007FFFB8160000-memory.dmp

Filesize
64KB

Download
memory/332-4-0x00007FFFF8163000-0x00007FFFF8164000-memory.dmp

Filesize
4KB

Download
memory/332-7-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-6-0x00007FFFB8150000-0x00007FFFB8160000-memory.dmp

Filesize
64KB

Download
memory/332-9-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-8-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-2-0x00007FFFB8150000-0x00007FFFB8160000-memory.dmp

Filesize
64KB

Download
memory/332-5-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-14-0x00007FFFB56D0000-0x00007FFFB56E0000-memory.dmp

Filesize
64KB

Download
memory/332-12-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-13-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-10-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-15-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-16-0x00007FFFB56D0000-0x00007FFFB56E0000-memory.dmp

Filesize
64KB

Download
memory/332-1-0x00007FFFB8150000-0x00007FFFB8160000-memory.dmp

Filesize
64KB

Download
memory/332-24-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-25-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download
memory/332-26-0x00007FFFF80C0000-0x00007FFFF82C9000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads